On June 23, September 3, the Linux core development team published a message on the official website, indicating that the team found a hacker intrusion in 828. The hacker obtained the highest website permission root and embedded a Trojan. The Linux core development team suspected that hackers had stolen the authentication and entered the system, and then used the rootkit tool to obtain the root permission. However, it is still unclear about the method.
September 3 message: the Linux core development team posted a message on the official website,
It indicates that the team found a hacker intrusion in 8/28. The hacker obtained the highest website permission root and embedded a Trojan.
The Linux core development team suspected that hackers had stolen the authentication and entered the system. Then, they used the rootkit tool to obtain the root permission,
However, we still have no idea about the method so far. After hacker intrusion, modify the related settings after SSH connection, and embed a piece of wood
The trojan program is sent to the system boot Startup Program.
The team found that there was a problem with Linux core version 3.1-RC2, but it was not sure that it was related to intrusion. They have requested
The 448-bit Linux core system developer changes the password and SSH link encryption key, and notifies us and European law enforcement agencies.
The Linux core team reinstalls new servers and reviews website information security policies one by one to avoid repeated incidents.
In terms of the original code of the Linux core program, Linux founder Linus Torvalds invented a GIT version management system,
More than 40 thousand files of the core program have corresponding encrypted SHA-1 hash function values. When someone changes the program code after the official release,
It is easy to be found because the SHA-1 hash function value does not match. However, not all users use GIT to obtain the original code.